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Abstract. In this article we show that the Czech mathematician Vaclav 
Simerka discovered the factoriation of i(10^^ — 1) using a method based on the 
class group of binary quadratic forms more than 120 years before Shanks and 
Schnorr developed similar algorithms. Simerka also gave the first examples of 
what later became known as Carmichael numbers. 



According to Dickson f^, I. p. 172], the number 

10^^ - 1 



N = 11111111111111111 = 



was first factored by Le Lasseur in 1886, and the resuh was pubhshed by Lucas in 
the same year. ActuaUy the factorization of N aheady appeared as a side result 
in a forgotten memoir [19] of Vacla\13 Simerka, in which he presented his ideas on 
composition of positive definite forms, computation of class numbers, and the prime 
factorization of large integers such as N. 
In fact, consider the binary quadratic form 

Q = (2, 1, 1388888888888889) 

with discriminant A = —N. If we knew that h = 107019310 was (a multiple of) 
the order of [Q] in Cl(— A^), then a simple calculation would reveal that 

gV2 _ (2071723,2071723,1341323520), 

from which we could read off the factorization 

N = 2071723 • 5363222357. 

This idea for factoring integers was later rediscovered by Daniel Shanks in the 1970s; 
subsequent work on this idea led Shanks to introduce the notion of infrastructure, 
which has played a major role in algorithmic number theory since then. 

In (19j . Simerka explains Gauss's theory of composition using the language from 
Legendre's Theorie des Nombres. The rest of his article [19 is dedicated to the 
calculation of the order of a quadratic form in the class group, and an application 
to factoring integers. 

In this article we will review Simerka's work and explain some of his calculations 
so that the readers may convince themselves that [19 contains profound ideas and 
important results. 



^In his German publications, Simerka used the germanized name Wenzel instead of Vaclav. 
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1. A Short Biography 

Vaclav Simerka was born on Dec. 20, 1819, in Hochwesseln (Vysokem Veself). He 
studied philosphy and theology in Koniggratz, was ordained in 1845 and worked as a 
chaplain in Zlunice near Jicin. He started studying mathematics and physics in 1852 
and became a teacher at the gymnasium of Budweis. He did not get a permanent 
appointment there, and in 1862 became priest in Jensovice near Vusoke Myto. 
Today, Simerka is remembered for his textbook on algebra (1863); its appendix 
contained an introduction to calculus and is the first Czech textbook on calculus. 
Simerka died in Praskacka near Koniggratz (Praskacce u Hradce Kralove) on Dec. 
26, 1887. 

Simerka's contributions to the theory of factoring have not been noticed at all, 
and his name does not occur in any history of number theory except Dickson's: 
see [H II, p. 196] for a reference to Simerka's article which deals with the 
diophantine problem of rational triangles. In [4, HI, p. 67], Dickson even refers to 
|19) in connection with the composition of binary quadratic forms. 

In [2^, Simerka gave a detailed presentation of a large part of Legendre's work on 
sums of three squares. In [53], Simerka proved that 7-2^^ + 1 | F12 and 5-2^^ + 1 \ F23 
(these factors had just been obtained by Pcrvouchin), where Fn denotes the rt-th 
Fermat number. In [ST, Simerka listed the Carmichael numbers [25| 

n = 561, 1105, 1729, 2465, 2821, 6601, 8911 

long before Korselt [llj gave criteria hinting at their existence and Carmichael [2] 
gave what was believed to be the first example. All of Simerka's examples are 
products of three prime factors, and there are no others below 10 000. 
For more on Simerka, see [31 [TOl US] . 

2. The Simerka Map 

Let us now present Simerka's ideas from [19] in a modern form. At the end of 
this section, we will explain Simerka's language. Let Q be a positive definite binary 
quadratic form with discriminant A. If Q primitively represents a (necessarily 
positive) integer a, then Q is equivalent to a unique form (a, B, C) with —a < B < a. 
Let 

denote the prime factorization of a. For each prime pj \ a, fix an integer —pj < 
bj < Pj with B = bj mod pj and set 

[ + 1 if6j>0, 
^ j-1 if6j<0. 

Thus if a = Q{x,y), then we can define 

m,a)^l[pp. 



Example. The principal form Qq ~ (1, 0, 5) with discriminant —20 represents the 
following values: 



a 


1 


5 


6 9 


14 


21 


21 


Q 


(1,0,5) 


(5,0,1) 


(6,2,1) (9,4,1) 


(14,6,1) 


(21,8,1) 


(21,20,5) 


s{a,Qo) 


1 


5 


2-3 32 


2 • 7 


3-7 


3-1 • 7 
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Forms equivalent to Q = (2, 2, 3) give us the following values: 



a 


2 


3 7 


87 87 


Q 


(2,2,3) 


(3,-2,2) (7,6,2) 


(87, 26, 2) (87, 32, 3) 


s{a,Qo) 


2 


3-1 7 


3-29 3-29-1 



The ideal theoretic interpretation of the Simerka map is the following: there 

is a correspondence between binary qiiadratic forms Q with discriminant A < 
and ideals a{Q) in a suitable order of the quadratic number field Q(-\/A). Equiv- 
alent forms correspond to equivalent ideals, and integers a represented by Q, say 
Q(:r. y) = a, correspond to norms of elements aa{Q) via a = Na/Na{Q). Inte- 
gers represented primitively by Q are characterized by the fact that a S Ct(Q) is 
not divisible by a rational prime number. If we fix prime ideals pj = a{Qj) by 
a{Qj) for Qj = {pj,Bj,C) with < i?j < pj and formally set p-i = o(Q^) with 
Q'j = (ft 1 -Bj,C), then s(a, Q) = p^^ ■ ■ ■ is equivalent to (a) = p^^ ■ ■ ■ p^^a{Q). 
Assume that a = pi ■ ■ ■ Pr, and that Q = (a, B, C). Then 

(a,S,C) = {px,B,P2---PrC) ■ {p2,B,piP3---prC)--- {pr, B,pi ■ ■ ■ Pr-lC). 

If we write bj = B mod 2pj with —pj < bj < pj , then 

s{a,Q) = s{pi,Qi)---s{pr,Qr) 

by definition of s. 

We start by showing that the value set of s is closed with respect to inversion. 
To this end we use the notation {A,B,C)~^ = {A,—B,C). Then it follows right 
from the definition of s that if s(a, Q) = r, then s(a, Q~^) = r~^. 

Now we claim 

Lemma 2.1. Let A be a fundamental discriminant. Assume that Qi{xi,yi) = ai 
and Q2ix2,y2) = (12, and that Q3 ~ QiQ2- Then there exist integers a3,xs,y3 such 
that Qzix^.y^) = 03 and §(03,(53) = §(0,1, Qi) • §(02, (52)- 

Proof. Writing Qi = (ai,Si,Ci) = (pi, Bi, aiCi/pi) • • • (p^, ^i, aiCi/p^) and (32 = 
(02,52,(72) = (51,-62, (12 ^2/91) • • • {qs,B2,a2C2/qs), where ai=pi- --pr and 02 = 
qi ■ ■ ■ Qs are the prime factorizations of ai and 02, we sec that it is sufficient to prove 
the result for prime values of ai and 02. There arc several cases: 

(1) Qi = (p, 6i,ci), Q2 = (q,b2,C2) with p ^ q: for composing these forms 
using Dirichlet's method, we choose an integer b satisfying the congruences 

b= bi mod 2p, and 6 = 62 mod 2q. 

Then Qi ^ {p, b, qc') and Q2 ^ {q, b,pc'), and we find Q1Q2 = {pq, b, c') as 
well as s{pq, Q1Q2) = s{p, Qi) s{q, Q2) by the definition of s. 

(2) Qi = {p, 61, Ci), Q2 = (p, — 61, Ci) = Q~^: here Dirichlet composition shows 
Q1Q2 = (1,^1, pci) ^ Qo, and since s{Q2) = s{Qi)~^ we also have 1 = 
s(l, Q1Q2) = s{p, Qi) s{p, Q2). 

(3) Q\ = {p,bi,c\) = Q2- if P t ^! then p ] b\, and we can easily find an 
integer b = bi mod 2p with 6^ = A mod 2pf . But then Qi ^ {p, b,pc') and, 
by Dirichlet composition, Ql = {p'^,b,c'). As before, the definition of s 
immediately shows that s{p^, Q^) = s{p, Qi)^. 

If p I A and p is odd, on the other hand, then p \ bi. Since A is 
fundamental, the form Qi is ambiguous, hence Qf ~ Qq. Since s(Qi) = 1, 
the multiplicativity is clear. 
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This completes the proof. 



□ 



Proposition 2.2. Let Qo denote the principal form with discriminant A < 0. 
Then the elements s(a, Qo) form a subgroup TZ of . 

Proof. It remains to show that if Q represents a and b, then it represents ab in such 
a way that s{ab,Qo) = s{a,Qo)s(b,Qo). Again we can reduce this to the case of 
prime values of a and b, and in this case the claim follows from the proof of Lemma 



Proposition 2.3. Assume that a is represented properly by Q, and that a' is rep- 
resented properly by Q' . If Q ^ Q' , then 



Proof. Since equivalent forms represent the same integers it is sufhcient to show that 
if a form Q properly represents numbers a and 6, then s(a, Q) = s(b, Q) mod TZ. 

Assume that Q — {A, B, C), and set s(a, Q) — r and s{b, Q) — s. If a and b are 
coprime, then s{ab,Qo) = r • G TZ, where Qo is the composition of Q and Q~^. 
This implies the claim. 

If a and b have a factor in common, then there is an integer c such that n = abj (? 
is represented by Qo in such a way that s(n, Qo) = r-s~^ G 7?,, and the claim follows 
as above. □ 

These propositions show that s induces a homomorphism 



from the class group C1(A) to /TZ, which we will also denote by s, and which 
will be called the Simerka map. 

Theorem 2.4. Let A < fee a fundamental discriminant. Then the Simerka map 
is an injective homomorphism of abelian groups. 

Proof. We have to show that s is injective. To this end, let [Q] denote a class with 
a = s(Q) € TZ. Then there is a form Qq = {A,B,C) ~ Qo with s(A, Qo) = a. 
But then Qi = Q • [A, —B, C) is a form equivalent to Q with s(Qi) = 1. This in 
turn implies that Qi represents 1, hence is equivalent to the principal form by the 
classical theory of binary quadratic forms. □ 

Simerka's idea is to use a set of small prime numbers S = {pi, . . . ,pr} which 
are smaller than (and a subset of these if |A| is large), find integers aj 

primitively represented by Q whose prime factors are all in S, and using linear 
combinations to find a relation in TZ, which gives him an integer h such that ^ 1. 
It is then easy to determine the exact order of Q. 

Simerka's Language. Simerka denotes binary quadratic forms Ax'^ + Bxy + Cy^ 
by {A,B,C) and considers forms with even as well as with odd middle coeffi- 
cients. The principal form with discriminant A is called an end forrr0 (Endform, 
Schlussform) , and ambiguou^ forms are called middle forms (Mittclformcn) . 

^Computing the powers of a form Q, one finds Q, , . . . , Q'^ ~ Qo before everything repeats. 
The last form in such a "period" of reduced forms is thus always the principal form. 

•^The word ambiguous was coined by Poullet-Deslisle in the French translation of Gauss's 
Disquisitiones Arithmeticae; it became popular after Kummer had used it in his work on higher 
reciprocity laws. Simerka knew Legendre's "diviseurs quadratiques bifides" as well as Gauss's 
"forma anceps" . 



EH 



□ 



s(a, Q) = s(a', Q') mod TZ. 



s : C1(A) 



Q^'/TZ 
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The subgroup generated by a form Q is called its period, the exponent of a form 
Q in the class group is called the length of its period. Simerka represents a form 
/ = {A, B, C) by a small prime number p represented by /; the powers /I = /, /2, 
/3 of / then represent p, ^ , qIq^^ and the exponent m of the m-th power fm is 
called the pointer (Zeigeio) of /. What we denote by s{Q™') = a mod TZ, Simerka 
wrote as fm = a. 

Simerka introduced this notation in [19l Art. 10]; instead of s{Q) ~ 2 ioi Q = 
(2, 0, c) he simply wrote {2,0, d) = 2. He explained the general case as follows: 

So ist z.B. (180, -17, 193) = ^eil 180 = 2^ x 3^ x 5 und 

-17 = -1 (mod 4), -17 = 1 (mod 6), -17 = 3 (mod 10)0 
One of the tricks he used over and over again is the following: 

{A, B,C) ^ {A,B±2A,A±B + C) ^ {A±B + C,-Bt 2A, A) (2.1) 

shows that if Q = {A, B, C) represents an integer m — Q{1, —1) — A± B + C, then 
s{Q) can be computed from Q ^ (m, ^2 A — B,A). Similarly, we have 

{A, B,C) {A±B + C,B± 2C, C). 

3. Simerka's Calculations 

In this section we will reconstruct a few of Simerka's calculations of (factors of) 
class numbers and factorizations. 

A = —10079. Simerka first considers a simple example (see [191 P- 58]): he picks a 
discriminant A for which A + 1 is divisibly by 2, 3, 5 and 7, namely A = —10079. 
Consider the form Q = (5,1,504) with discriminant A. The small powers of Q 
provide us with the following factorizations: 



This implies 



n 




s(g") 




1 


^(504,-1,5) 


2-3.3-2.7-1 




3 


(36,17, 72) 


2^ • 3-2 






- (72,-17,36) 


2-3 • 32 


s(Q') 


= s 


(g3)s(Q3)^22. 


3-2 . 2-3 . 32 ^ 




= s 


(Q3)3g(Q3)2^2 


3.3-6. 2-6 . 34 , 




= s 


(Q-i)s(Q-3)s(Q6)6^7. 



Now 7 = s(i?) for R = (7, 1, 360): this is easily deduced from A = 1 = 1^ mod 7. 
From i?2 - (49, -41, 60) Simerka reads off siQ*^^) = 2^ • 3-^ • 5. But then s{Q^^) = 
2^ ■ 3"^ and therefore 



s(Q^^)=s(Q^^).s(Q'')2 = 22.3 



3 mod 71. 



This word is apparently borrowed from the book 6 on combinatorial analysis by Andreas 
von Ettinghausen, professor of mathematics at the University of Vienna. Ettinghausen used the 
word "Zeiger" (see [3 p. 2]) as the German translation of the Latin word "index". Simerka refers 
to [6] in [H P- 55]. 

^Thus we have, for example, (180, -17, 193) = because 180 = 2^ x 3^ x 5 and -17 = -1 

(mod 4), -17 = 1 (mod 6), -17 = 3 (mod 10). 
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This implies s(Qi'50) ^ s{Q^^) and therefore s{Q^^^) = 1 mod 7^. Since neither Q^^ 
nor (5^7 g^j.g principal, the class of Q has order 135. 

For showing that h(A) = 135, Simerka would have to determine the pointers of 
all primes p < A/3 « 100.3. The fact that h is odd would then also show that 
A is a prime number. 

A = —121271. For larger discriminants, Simerka suggests the following method: 
Bei grossen Determinanten, oder wo die vorige Methode nicht zum 
Ziele fiihrt, nimmt man die Zeiger einiger kleiner Primzahlen als 
unbekannt an, scheidet dann jene Grossen aus den Producten der 
Bestimmungsgleichungen aus, und sucht die anderen Primzahlen in 
Bestimmungsgleichungen durch jene unbekannten Zeiger darzustel- 
lenQ 

Simerka chooses the discriminant A = —121271; in the course of the calculation it 
becomes clear that A = 99^ — 2^^, and quite likely the discriminant was constructed 
in this way. This is supported by Simerka's remark on [1^ p. 64] that if Z) = 
a™ — 6^ is a (positive) determinant and if a is odd, then the exponent of the form 
(0,26,0™-!) is divisible by m, as can be seen from the "period" 

(a, 26, a™-!), (a^, 26, a""-^), {a"',2b, 1). 

Observe that this statement only holds under the additional assumption that these 
forms be reduced, i.e., that < 26 < a. Examples are D = 3^ — 1 = 26 and 
/i(-4 • 26) = 6, or D = 3^ - 4 = 239 and ft.(-4 • 239) = 15. A similar observation 
was made by Joubert [8] just a few years after Simerka. The connection between 
classes of order n and solutions of the diophantine equation a™ — Dc^ = was 
investigated recently in [9]. 

Let us write Q2 = (2,1,15159) and Q3 = (3,1,10106). Then _ (4,5,7581) 
and s(0|) = 3 • 7-1 • 19-2. Since aiQ^) = 3, we find siQ^'^Qa) = 7-19. 

gi - (8, 13, 3795) gives s{Ql) = 3-^-5- ll^i • 23 and siQ^Qs) = 5 • 11-^ • 23. 
We can summarize Simerka's calculations as follows: 



n 




s(Q^) mod TZ 


n 




s(Q'2') mod 7^ 


2 


(4,5,7581) 




6 


(64,29,477) 






(7581,-5,4) 


3 • 7-1 • 19-2 




(477,-29,64) 


32.53 


3 


(8,13,3795) 






(675,227, 64) 


3-''' • 5-2 




(3795,-13,8) 


3-1 • 5 • 11-1 . 23 


7 


(128,157,285) 




4 


(16,29,1908) 






(285,-157,128) 


3-1 • 5 • 19-1 




(1953,-61,16) 


3-2 . 7-1 • 31 




(483,355,128) 


3-1 •7-23-1 


5 


(32,29,954) 












(957,35,32) 


3-1 • 11 • 29 










(1015,-93,32) 


5-1 •7-29 









For large determinants, or in cases where the preceding method is not successful, we take the 
indices of some small primes as unknowns, eliminates those numbers from the products of the 
determination equations, and seeks to represent these unknown indices by the other primes in 
these determination equations. 
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Note that if s(Q'2) = 2^^u for some odd number u, then s{Q2^^) = u. Thus 
s{Q2) = • 32 . 53 imphes s(Q2) = 3^ • 53, and in such cases we have hsted only 
the relation that does not involve a power of 2. 

The computation of Q2 reveals A = 99^ — 2^^, and shows that s{Ql) = 2^^, 
which gives s{Ql^) = 1. 

Now Simerka continues as follows: the relations 

s{Ql) EE 3 • 7"! • 19-2 and s(Q^) = S^^ • 5 • 19^1 

give 

s(Q^2) ^ s((Q^)2q-2) = 3-2 . 52 . .3-1.7. 192 ^ 3-3 . 52 . 7 
Using the relations 

s{Q¥QI) = 5'-7, and siQlQl) = 5'^ 

Simerka deduces 

miQi) = mi'Qt) = 7. (3.1) 

This allows him to eliminate the 7s from his relations, which gives 
s(Q2~^Q3^) = s{Q2')s{Q3)s{QlQt) = 23, 

s{QlQt) = siQt)s{Ql)mlQt) = i'^- 

For the actual computation of the order of Q3, only the relation p.ip will be needed. 
Simerka also investigates the powers of Q3 and finds 



n 




s{Q'i) mod n 


n 


Q3 ~ 


s(Q^) mod TZ 


1 


(3,1,10106) 




5 


(243,205,168) 






(10108,2,3) 


22 . 7 • 192 




(616,541,168) 


23 - 7-1 - 11-1 


3 


(27,43,1140) 




6 


(729,205,56) 






(1210,-97,27) 


2-1 -5 • 11-2 




(56,-205,729) 


2-3 - 7 




(1162,65,27) 


2-7-1 -83 








4 


(81,43,380) 












(380,-43,81) 


22.5-1-19-1 










(418,119,81) 


2-1 - 11 - 19 









Simerka observes 



siQlQl) = s(g3) s(g2-i) siQlQl) = 83, 

but does not use this relation in the sequel. He continues with 

S(02Q^) = 11 • 19, s(g3Q3-5) = 7-ll, 

from which he derives the following relations: 

S(Q3-11) = s(Q3Q3-5) s(g2-^Q3-^) = 11, s{Q2QI') = s{Q2Qt) s{QV) = 19, 

s(g8gi6 = s(g^) s(g3) siQ^Ql') = 5, s(g22g35) = s(gi6g32) s(g6g3) = i. 

Raising the last relation to the 15th power yields s(g32^) = 1. Checking that gp, 
g|°^ and Ql^^ are not principal then shows that Q3 has order h = 525 = 3-52-7. 
In fact, pari tells us that this is the class number of A = —121271. 
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4. Class Number Calculations 

Let us remark first that Simerka does not compute class numbers but rather the 
order of a given form in the class group. Note that this is sufficient for factoring 
the discriminant. Simerka is well aware of the fact that his method only produces 
divisors of the class number: in |19[ art. 13], he writes 

Was die Lange 9 anbelangt, sucht man fm = 1 zu erhalten, wo 
dann entweder 9 = m oder ein Theiler von m ist. Die wichtigsten 
Glieder der Perioden sind die zu kleinen Primzahlen gehorigen For- 
men. Welches die grosste Primzahl ware, deren Zeiger man kennen 
miisse, um vor Irrthum sicher zu sein, konnte ich bis jetzt nicht er- 
mitteln, jedenfalls ist sie kleiner als D /?> bei den unpaaren, und 
als 1\J D bei den paaren Formen, wahrscheinlich aber reichen 
dazu nur wenige Primzahlen hin0 

In the example A = —121271 above we have seen that the powers of Q2 only 
give a subgroup of order 15 in the class group, whereas the powers of 3 include all 
forms representing the primes 

p = 2, 3, 5, 7, 11, 19, 23, 29, 31, 53, 83. 

For verifying that 121271) = 525, one would have to find the pointers for the 
other primes p with (A/p) = +1 and A < 202 as well, namely those of 

p = 47, 61, 73, 79, 89,..., 197. 

Since the pointers of all small primes are known, this is only a little additional 
work. The fact that the class number is odd then implies that —A = 121271 is a 
prime. 

A = -4 • 265371653. Consider the forms 

ga = (3, 2, 88457218), Qn = (11, 10, 24124698), and Qxz = (13, 10, 20413206). 

Using a computer it is easily checked that ^ QiiQiay but this relation was 
apparently not noticed by Simerka. It would follow easily from 

Q^Qli^ (6591, -6568, 41899), 0(0, 1) = 11 • 13 • 293, 

Q^Ql^^ (2197, -2174, 121326), 0(1, -1) = 3 • 11 • 13 • 293, 

but perhaps the prime 293 was not an element of Simerka's factor base. 

A computer also finds the following relations among the small powers of these 
three forms: 

QllQll = (1058, 918, 251023); s(0n0i3) = 2 • 23-^ 

Oa^OnOis = (529,-140, 501657); s(0"0n0i3) = 23'^ 



As for the length 6 of the period, one tries to find fm = 1, and then either 9 = m, or 9 is 
a divisor of m. The most important members of the period are those belonging to small prime 
numbers. I have not yet found what the smallest prime number is whose pointer must be known 
in order not to commit an error; in any case it is smaller than for odd forms, and than 

2yJ D I'i for the even forms, but most likely just a few prime numbers are sufficient. 
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Composition shows that 



Q3 Q11Q13 — Q11Q13Q3 Qii Q13 



(1058, 918, 251023)(529, 140, 501657) = (2, 918, 132791167), 



and squaring yields 



Similarly, 



Q3 ^^QiiQi3 ~ Qo 



20 



QlQllQll = (16389,-16010,20102), 
Ql'^QllQls = (6859,5028,39611), 

which implies 

QlQllQll ■ QllQll - (19, 12, 13966931), 
and so 

i^siQlQllQlD'/HQl'QllQls) 

Eliminating Qs ^ Q11Q13 from the relations 



8{QlQllQll)^2-19-23\ 

KQl^QllQls) 



.15^8 ^ _ ^93 



siQlQllQll) = 19, 



HQs'QllQ 



13) 



Q11Q13 ^ Q3 QriQit ^ Q' 



then implies 



hence 



Qli''Qlf-Qo and QltQll^Qo, 



^ 14862 ^ 1^ 



It is then easily checked that Q3 and Qu have exponent 14862 in the class group, 
whereas Qia is a sixth power and has order 2477. A quick calculation with pari 
reveals that h{A) = 14862. 

Simerka must have proceeded differently, as he records the relations 



qV'q 



Qr'Q 



)26 
'13 



Qo, Q3 QuQi 



It is not impossible that by playing around with small powers of Q3, Qii and 
Q13, Simerka's calculations can be reconstructed. It is more difficult to reconstruct 
Simerka's factorization of N = ^(10^^—1), since he left no intermediate results at all 
(apparently he was forced to shorten his manuscript drastically before publication). 

Simerka knew that it is often not necessary to determine the class number for 
factoring integers; in [19l Art. 17] he observed: 

Bei Zahlenzerlegungen nach dieser Methode findet man oft /2a = 
, oder es lasst sich aus den Bestimmungsgleichungen eine solche 
Form ableiten; dann hat man — (— )^ = 1, und es kann fa : m 
bios eine Schluss- oder Mittelform sein. Gewohnlich ist das letztere 
der Fall. 



®In factorizations with this method one often finds fa = m? , or such a form can be derived 
from certain determination equations: then we have = { — S^ = 1, and fa : m can only be an 
end or a middle form. Most often, the latter possibility occurs. 
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To illustrate this idea we present an example that cannot be found in Simerka's 
article. Let A = -32137459 and consider the form Q = (5, 1, 1606873) with dis- 
criminant A. It is quickly seen that (5^^(1,0) = 11^. This observation immediately 
leads to a factorization of A: the form Q^^ represents 11^, hence Q^^ represents 
11, as does Qn = (11, 3, 730397). Thus (Q^^i?"^)^ represents 1, which implies that 
gi3i?-i is ambiguous (see [HI S. 36]). In fact, Q^^R-^ = (1511, 1511,5695), which 
gives the factorization A = —1511 • 21269. 

5. Shanks 

The factorization method based on the class group of binary quadratic forms 
was rediscovered by Shanks [18 , who, however, used a completely different method 
for computing the class group: he estimated the class number h using truncated 
Dirichlet L-series and the found the correct value of h with his baby step - giant 
step method. Attempts of speeding up the algorithm led, within just a few years, to 
Shanks's discovery of the infrastructure and his square form factorization method 
SQUFOF. 

The factorization method described by Simerka was rediscovered by Schnorr |15| ; 
the Simerka map is defined in [15l Lemma 4] (see also [ITl Thm. 3.1]), although in a 
slightly different guise: a quadratic form Q = (a, b, c) is factored into "prime forms" 
Ip = {p, bp,C), where B = bp is the smallest positive solution of = A mod 4p 
for A = —N = 1 mod 4. Thus the equation corresponding to our 

n n 

s{Q) = Y[pf"' looks like g = n^-^p)^'' 

i=l 1=1 

in [17], "where the plus sign in the exponent holds if and only if 5 = bp. mod 2pi. 
Variations of this method were later introduced by Mc Curley and Atkin. 

Simerka's method is superior to Schnorr's for calculations by hand since it allows 
him to use the factorizations of (5(0, 1) and g(l, ±1). The main difference between 
the two methods is that Simerka factors the forms Qp for small prime numbers 
p and small exponents n, whereas Schnorr factors products Q"^ • • • Q""^ of forms 
Qj — (pj, *,*) for primes in his factor based and exponent vectors (rii, . . . , ri^) 
chosen at random. 

Simerka's question in Section 4 concerning the number of primes p such that 
the forms (p, B, C) generate the class group was answered under the assumption 
of the Extended Riemann Hypothesis by Schoof ^6l Cor. 6.2], who showed that 
the first clog^ |A| prime numbers suffice; Bach [T] showed that, for fundamental 
discriminants A, we can take c = 6. 

The basic idea of combining relations, which is also used in factorization methods 
based on continued fractions, quadratic sieves or the number field sieve, is not due 
to Simerka but rather occurs already in the work of Fermat and played a role in 
his challenge to the English mathematicians, notably Wallis and Brouncker. In this 
challenge, Fermat explained that if one adds to the cube 343 — 7^ all its proper 
divisors, then the sum 1 + 7 + 7^ + 7"^ = 400 = 20^ is a square, and asked for another 
cube with this property. 

Fermat 's solution is best explained by studying a simpler problem first, namely 
that of finding a number n with 0(11?) = m^, where a(n) = ^ sum of all 

divisors of a number. Making a table of cr(p) for small prime powers p one observes 
that cr(24) = ct(52) = 31, hence c7(202) = 31^. 
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The solutior0 of Fermat's challenge also exploits the multiplicativity of a{n): 
with little effort one prepares a table for the values of (j{p) for small primes p such 
as the following: 



p 




P 




P 


a(p3) 


2 


3 • 5 


13 


22 -S- 7- 17 


31 


2« • 13 • 37 


3 


23 • 5 


17 


22 • 32 • 5 • 29 


37 


22 • 5 • 19 • 137 


5 


2^ • 3 • 13 


19 


23 • 5 • 181 


41 


22 • 3 • 7 • 292 


7 


2^.52 


23 


2^ • 3 • 5 • 53 


43 


23 • 52 • 11 • 37 


11 


23 • 3 • 61 


29 


22 • 3 • 5 • 421 


47 


25. 3- 5 •13- 17 



Then it is readily seen that n = 751530 = 2 • 3 • 5 • 13 • 41 • 47. 

Concluding Remarks 

Simerka's contributions to the theory of quadratic forms and the factorization 
of numbers would have remained unknown if his articles could not be found online. 
In particular, his memoirs [19l |20l [21] can be accessed via google book|3, and the 
articles that appeared in the journal Casopis are available on the website of the 
GD^3 in Gottingen. I would also like to remark that a prerequisite for under- 
standing the importance of p3] is a basic familiarity with composition of binary 
quadratic forms. 

I do not know where Simerka acquired his knowledge of number theory. Simerka 
was familiar with Legendre's "Essais de Theorie des Nombres" and Gauss's "Disqui- 
sitiones Arithmeticae" , as well as with publications by Scheffler 14 on diophantine 
analysif|3, and by Dirichlet [5] and Lipschitz .12j on the class number of forms with 
nonsquare discriminants. Since Lipschitz's article appeared in 1857, Simerka must 
have had access to Crelle's Journal while he was teaching in Budweis. 

Simerka's article ^9j contains other ideas that we have not discussed. In partic- 
ular, in [19l Art. 12] he tries to get to grips with decompositions of noncyclic class 
groups into "periods" (cyclic subgroups); in this connection he gives the example 
A = -2184499 with class group of typeB (5, 5, 11). In [l9l Art. 18], Simerka solves 
diophantine equations of the form pz™ = ax^ + bxy + cy"^. 
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